Rapid7’s mission is to develop simple, innovative solutions for security’s complex challenges. We understand the attacker better than anyone and build that insight into our security software and services.

NERC Compliance Programs and Solutions

Secure north american bulk power systems from harmful attacks with our NERC compliance programs and solutions

The North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) exists to improve the reliability of the critical bulk power SCADA systems that create and transport electricity around the continent, and the goal of a NERC compliance program is to ensure that the bulk electric system in North America is reliable, adequate and secure. It's not enough to just plan for natural disasters or accidents-the bulk power system now must be planned, designed, built and operated in a manner that also takes into account modern threats to security, including attacks from cyber criminals. NERC compliance programs are required to help prevent these attacks.

It's crucial to keep the bulk power system safe from threats, which is why any bulk power system owner or operator must adhere to NERC compliance standards.

If your organization handles any kind of credit card information, the PCI DSS (PCI Compliance Testing) applies to you. Rapid7 can help you with your NERC compliance program by:

Both Nexpose and Metasploit can help you prepare for your NERC compliance testing, both by scanning your critical systems for vulnerabilities, misconfigurations and malware and by conducting penetration tests to verify how well your systems would resist a real-life attack.

Automated asset discovery and identification

With Nexpose, you can easily and automatically inventory all the assets within your electronic security perimeter, as defined by NERC compliance guidelines. Nexpose will continually discover all physical and virtual assets in your infrastructure and help you group those assets into organizational categories for easier scanning and reporting.

Providing professional consulting services for your NERC compliance program

If you need extra help in defining your electronic security perimeter or in evaluating your NERC compliance program, our professional services team can help with consultations as well as internal and external penetration testing and vulnerability scanning.